Hackin9

Researchers said they have uncovered two apps that were downloaded from the official Google Play market more than one million times that use Android devices to mine the Litecoin and Dogecoin cryptocurrencies without explicitly informing end users.

According to a blog post published Tuesday by a researcher from antivirus provider Trend Micro, the apps are Songs, installed from one million to five million times, and Prized, which was installed from 10,000 to 50,000 times. Neither the app descriptions nor their terms of service make clear that the apps subject Android devices to the compute-intensive process of mining, Trend Micro Mobile Threats Analyst Veo Zhang wrote. As of Wednesday afternoon, the apps were still available.

Mining apps typically consume larger-than-average amounts of electricity and can generate extremely hot temperatures as CPUs, GPUs, or other types of processors strain to perform cryptographic hashing functions required for users to mint new digital coins. The strain can be especially onerous on smartphones, because they're equipped with hardware that's much less powerful than that found in traditional computers. The apps discovered by Trend Micro were programmed to mine coins only when devices were recharging. That setting would help prevent batteries from draining quickly, but it would do nothing to prevent devices from overheating or consuming large amounts of bandwidth.


 
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
[SECURITY] [DSA 2886-1] libxalan2-java security update
 
[SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update
 
Business leaders and IT executives are registering higher levels of dissatisfaction with IT as more demands are placed on technology, according to two new studies.
 
 
[SECURITY] [DSA 2884-1] libyaml security update
 
Firefox for Android Profile Directory Derandomization and Data Exfiltration (CVE-2014-1484, CVE-2014-1506, CVE-2014-1515, CVE-2014-1516)
 
The price war among major cloud providers continues, with Amazon Web Services announcing Wednesday that it is lowering the prices of a number of its cloud services, one day after Google slashed prices.
 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
With its acquisition of virtual reality gaming company Oculus VR, Facebook may have found a way to lure back younger users to the social network.
 
Cisco Security Advisory: Cisco IOS Software Crafted IPv6 Packet Denial of Service Vulnerability
 
One NASA astronaut and two Russian cosmonauts are still orbiting the Earth in a Russian Soyuz spacecraft nearly 24 hours after lifting off on what was expected to be a six-hour trip.
 
The recently closed Full Disclosure security mailing list, which served as an open discussion forum for security researchers since 2002, was replaced Tuesday with a new list that will serve the same purpose, but will require former members to resubscribe.
 
Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Version 2 Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco 7600 Series Route Switch Processor 720 with 10 Gigabit Ethernet Uplinks Denial of Service Vulnerability
 
Linux Kernel Multiple Function Remote Memory Corruption Vulnerabilities
 
Linux Kernel 'get_rx_bufs()' Function Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability
 
Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerabilities
 
Tablet sales are slowing, forcing sellers and potential buyers alike to confront confusion over which device to buy.
 
Microsoft on Thursday will publicly webcast a press event from San Francisco during which many expect CEO Satya Nadella to not only make his first appearance but also announce an upcoming Office for Apple's iPad.
 

Info sec industry still struggles to attract women
CSO
According to the latest research, such as the 2013 (ISC)2 Global Information Security Workforce Study, only 11 percent of infosec professionals are female. There are a number of barriers preventing women from entering or staying in the field, but both ...

 
The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology seeks collaborators to address key security challenges in identity verification and access management for the electric power ...
 
The wildly successful playbook used by Steve Jobs at Apple would normally be copied and followed by other companies looking for a competitive edge.
 
The idea that sparked the start-up SmartThings was a personal disaster.
 
HP Unified Functional Testing CVE-2013-6210 Remote Code Execution Vulnerability
 
Apple Mac OS X APPLE-SA-2014-02-25-1 Multiple Security Vulnerabilities
 
cURL/libcURL CVE-2014-2522 SSL Certificate Validation Security Bypass Vulnerability
 
ESA-2014-015: RSA® Authentication Manager Cross Frame Scripting Vulnerability
 
VUPEN Security Research - Mozilla Firefox "BumpChunk" Object Processing Use-after-free (Pwn2Own)
 
VUPEN Security Research - Google Chrome "Clipboard::WriteData()" Function Sandbox Escape (Pwn2Own)
 
VUPEN Security Research - Google Chrome Blink "locationAttributeSetter" Use-after-free (Pwn2Own)
 
A new variant of the Gameover computer Trojan is targeting job seekers and recruiters by attempting to steal log-in credentials for Monster.com and CareerBuilder.com accounts.
 
Microsoft yesterday pulled out a fear-of-God approach to scare users into dumping Windows XP, telling them that the most popular tasks done on a PC will put them in the crosshairs of cyber criminals.
 
LinuxSecurity.com: Multiple buffer overflow flaws in libupnp may allow execution of arbitrary code.
 
LinuxSecurity.com: Updated samba3x and samba packages that fix two security issues are now available for Red Hat Enterprise Linux 5 and 6 respectively. The Red Hat Security Response Team has rated this update as having Moderate [More...]
 
LinuxSecurity.com: Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More...]
 
LinuxSecurity.com: OpenSSH incorrectly handled environment restrictions with wildcards.
 
Moodle Assignment Web Services Security Bypass Vulnerability
 
On April 9 and 10, 2014, the National Institute of Standards and Technology (NIST) will host a workshop that focuses on developing 'privacy engineering' to ensure that privacy is an integral part of the design process of new IT ...
 
Three employees of the National Institute of Standards and Technology (NIST) recently received awards for their national and international contributions to information technology.
 
Infor is betting big on Amazon Web Services for its cloud ERP (enterprise-resource-planning) software strategy, with plans to begin offering a series of product suites on the company's IaaS (infrastructure as a service).
 
A DJI F450 quadcopter with an onboard GoPro and a Spektrum DX6i remote control unit.
SensePost

Seven months ago, Ars documented CreepyDOL, a low-cost, distributed network of Wi-Fi sensors that stalks smartphone-toting people as they move about neighborhoods or even entire cities. As each node is small enough to be slipped into an overlooked nook at the nearby gym, cafe, or break room, the system can assemble a shockingly detailed dossier of personal data, including the schedules, e-mail addresses, personal photos, and current or past whereabouts of the person or people it monitors.

Now, CreepyDOL—short for Creepy Distributed Object Locator—is about to be outdone by a newly updated DIY stalker device that has the potential to collect orders of magnitude more data from people. Dubbed Snoopy, it can track not only Wi-Fi, but also signals based on radio frequency identification (RFID) and the Bluetooth and 802.15 specifications. Combined with a GPS card that correlates signals to the location where they're detected, the capabilities let Snoopy spy not only on phones, tablets, and computers, but also, potentially, on pacemakers, fitness bracelets, smartcards, and other electronics. Plus, the geographically aware Snoopy can also be mounted on a low-cost aerial drone so it can locate and maintain radio contact even when subjects are on a morning run or situated in a high-rise building, a country inn, or some other out-of-the way location.

The researchers behind an earlier version of Snoopy that tracked only Wi-Fi signals have already used it to track more than 42,000 unique devices during a single 14-hour experiment in 2012 at the King's Cross train station in London. They have also unleashed Snoopy in a variety of other environments over the past two years, including at several security conferences. By taking careful notice of the Wi-Fi networks the devices have previously accessed (and continue to search for), the researchers were able to detect likely relationships among users. Four devices that hailed an SSID that the researchers geolocated to a London branch of one of the UK's largest banks, for instance, were presumed to belong to coworkers of the financial institution.


 

UK plans to professionalise infosec are too rigid, says (ISC)2
ComputerWeekly.com
Government plans to establish an “approved standard” and to potentially underwrite “chartered” status for UK cyber security professionals are “worrying”, says John Colley, managing director for (ISC)2 Europe. (ISC)2 is the largest membership body of ...

 

We have written a couple of diaries about port 5000 traffic, and received plenty of packet captures. But we still need to get all the pieces together to see what the "end game" is with these attacks. Here is what I found so far from our honeypot:

- a lot of the port 5000 traffic is spoofed.

I do receive "SYNs" from an IP, and my honeypot responds with a SYN-ACK, but then I get a reset back with a very different TTL.

- the ones that connect send a couple of different requests (a.b.c.d is the address of the honeypot)

GET / HTTP/1.1
Accept-Encoding: identity
Host: a.b.c.d:5000
 
GET /robots.txt HTTP/1.1
Accept-Encoding: identity
Host: a.b.c.d:5000
 
GET / HTTP/1.1
Accept-Encoding: identity
Host: a.b.c.d:5000
 
GET /webman/info.cgi?host= HTTP/1.0
Host: a.b.c.d
User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.107 Safari/537.36
 
GET /webman/info.cgi?host= HTTP/1.0
Host: a.b.c.d:5000
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 0
 
The last two requests point to a Synology vulnerability. But, just like the others, it appears to be more of a "fingerprinting" request trying to figure out if the system is vulnerable.
 
If you have a Synology Diskstation, I would very much appreciate it if you could send these requests to the disk station, and send me a packet capture of the response. This way, I can improve my honeypot to respond "correctly". Please let me know what software version you are running.
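The two observations in the diary (SYNs whose reset comes back with a very different TTL, and the /webman/info.cgi fingerprinting requests) turned into defender-side detection logic. This is an added example, not the diarist's honeypot code: the TCP event log is constructed, and the request strings are the ones quoted above, with a.b.c.d standing for the honeypot address as in the diary.

```python
import re

# Constructed honeypot log of TCP events as (src_ip, tcp_flag, ip_ttl); the
# values are made up for this example, not taken from the diary's captures.
TCP_EVENTS = [
    ("198.51.100.7", "SYN", 52),
    ("198.51.100.7", "RST", 116),   # reset arrives with a very different TTL
    ("203.0.113.9", "SYN", 49),
    ("203.0.113.9", "ACK", 49),     # same host completes the handshake
]

# The request texts quoted in the diary, with the honeypot address as a.b.c.d.
RAW_REQUESTS = [
    "GET / HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: a.b.c.d:5000\r\n\r\n",
    "GET /robots.txt HTTP/1.1\r\nAccept-Encoding: identity\r\nHost: a.b.c.d:5000\r\n\r\n",
    "GET /webman/info.cgi?host= HTTP/1.0\r\nHost: a.b.c.d\r\n"
    "User-Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36\r\n\r\n",
    "GET /webman/info.cgi?host= HTTP/1.0\r\nHost: a.b.c.d:5000\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 0\r\n\r\n",
]

def spoofed_sources(events, max_ttl_delta=8):
    """Return source IPs whose SYN and the RST that answered our SYN-ACK carry
    very different TTLs. The real owner of a spoofed address typically rejects
    the unexpected SYN-ACK with a RST, and its hop count rarely matches the
    spoofer's, so a large TTL gap marks the SYN as spoofed."""
    syn_ttl, flagged = {}, set()
    for ip, flag, ttl in events:
        if flag == "SYN":
            syn_ttl.setdefault(ip, ttl)
        elif flag == "RST" and ip in syn_ttl and abs(syn_ttl[ip] - ttl) > max_ttl_delta:
            flagged.add(ip)
    return flagged

REQUEST_LINE = re.compile(r"^([A-Z]+) (\S+) HTTP/(\d\.\d)$")

def classify_request(raw):
    """Label one captured request: Synology info.cgi fingerprinting, a generic
    probe of / or /robots.txt, or something else."""
    request_line = raw.split("\r\n", 1)[0]
    m = REQUEST_LINE.match(request_line)
    if not m:
        return "malformed"
    path, _, query = m.group(2).partition("?")
    # The diary's Synology probes all carry an (empty) host= parameter.
    if path == "/webman/info.cgi" and "host=" in query:
        return "synology-fingerprint"
    if path in ("/", "/robots.txt"):
        return "generic-probe"
    return "other"
```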
 

------
Johannes B. Ullrich, Ph.D.
SANS Technology Institute
Twitter

(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 
Consumers will lead the charge to the Internet of Things, but enterprise adaptation will not be far behind. Will your IT department be ready?
 

Lynn DeCourcey: NJVC-InfoSec Partnership to Focus on Govt Cyber Training
ExecutiveBiz (blog)
NJVC has partnered with the InfoSec Institute to offer information security courses that are designed to meet cyber workforce training requirements set by the Defense Department. The Infosec Institute develops hands-on lab and online curricula to help ...
NJVC and InfoSec Institute Partner to Provide Cyber Security Training Services - PR Web (press release)

 
An actress in an anti-Islam movie trailer has filed for a contempt of court order on Google for its alleged 'near-total disregard' of an appeals court's order asking it to take down copies of the video from YouTube.
 
In another sign of the mainstream growth of wearable devices, Intel has acquired high-end health tracker maker Basis Science.
 
A company that bought Nortel patents is suing Cisco Systems, alleging "immense" infringement by the network vendor's switches, routers and other products.
 
Bitcoin's popularity is growing, but even its biggest backers say it has a mountain of problems to overcome in gathering wider appeal.
 
A federal judge in New York on Tuesday dismissed a lawsuit filed by Paul D. Ceglia, claiming half ownership of Facebook.
 
SMB4K CVE-2014-2581 Information Disclosure Vulnerability
 
qEngine Database Backup Information Disclosure Vulnerability
 
Microsoft's efforts to push the concept of a "2-in-1" device, a tablet that does double duty as a notebook, will continue to struggle, an IDC analyst said Tuesday.
 
Cloud, mobile and other tech investments are expected to yield benefits to both the top and bottom lines. But communication, integration and shadow IT challenges lurk.
 
Two banks that claim to have suffered losses from the recent data breach at Target have sued Trustwave Holdings Inc., the company that was responsible for validating Target's compliance with the Payment Card Industry Data Security Standard.
 
Mozilla Firefox/Thunderbird/SeaMonkey CVE-2014-1493 Multiple Memory Corruption Vulnerabilities
 

NJVC and InfoSec Institute Partner to Provide Cyber Security Training Services
PR Web (press release)
Pairing NJVC's mission-proven cyber security solutions with InfoSec Institute's cyber training expertise creates a very powerful and comprehensive solution to customers. Chantilly, VA (PRWEB) March 26, 2014. NJVC®, an information technology solutions ...

 
Samba SAMR Server Password Lockout Bypass Information Disclosure Weakness
 

Posted by InfoSec News on Mar 26

http://www.chicagobusiness.com/article/20140325/BLOGS11/140329865

By John Pletz
On Technology
Crains Chicago Business
March 25, 2014

Trustwave Holdings Inc., a Chicago-based credit card security company, was
sued alongside Target Corp. by banks who say they suffered financial
damages when the retailer was hacked during the holiday shopping season.

Although the most serious allegations are leveled at Target, the suit
alleges that Trustwave...
 